Bug 14750 - regression: Attempt to change password over IPv6 using kpasswd fails on server in gensec_krb5_start with NT_STATUS_INTERNAL_ERROR
Summary: regression: Attempt to change password over IPv6 using kpasswd fails on serve...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.14.5
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-02 12:25 UTC by lo+samba-bugzilla
Modified: 2021-07-19 06:30 UTC (History)
2 users (show)

See Also:

Attachments
Patch for v4-14-test (1.75 KB, patch)
2021-07-08 09:14 UTC, Stefan Metzmacher 		abartlet: review+
Details
Patch for v4-13-test (1.75 KB, patch)
2021-07-08 09:15 UTC, Stefan Metzmacher 		abartlet: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description lo+samba-bugzilla 2021-07-02 12:25:08 UTC 
After commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any attempt to change a password over IPv6 fails on the server side. Samba generates the following log entries (on the domain controller):

    Starting GENSEC mechanism krb5
    Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR

On the client side the request to change the password results in the following message after a delay of a couple of seconds:

    kpasswd: Cannot contact any KDC for requested realm changing password

Commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6 addresses will be rejected.

Affected are all releases from branches 4.14 and 4.13. Older branches / releases are not affected.

On the distro side, this bug affects soon to be released Debian Bullseye, it does neither affect current stable Debian Buster nor Ubuntu Focal (LTS).
Comment 2 Volker Lendecke 2021-07-02 12:43:44 UTC 
Hmm. Another case of "don't trust static analyzers blindly". Sorry for that!
Comment 3 Samba QA Contact 2021-07-05 23:52:04 UTC 
This bug was referenced in samba master:

0388a8f33bdde49f1cc805a0291859203c1a52b4
Comment 4 Stefan Metzmacher 2021-07-08 09:14:42 UTC 
Created attachment 16676 [details]
Patch for v4-14-test
Comment 5 Stefan Metzmacher 2021-07-08 09:15:22 UTC 
Created attachment 16677 [details]
Patch for v4-13-test
Comment 6 Andrew Bartlett 2021-07-08 09:17:23 UTC 
Karolin,

Please select for the next 4.13 and 4.14 releases.
Comment 7 Karolin Seeger 2021-07-12 12:10:32 UTC 
(In reply to Andrew Bartlett from comment #6)
Pushed to autobuild-v4-{13,14}-test.
Comment 8 Samba QA Contact 2021-07-12 13:53:20 UTC 
This bug was referenced in samba v4-14-test:

c1662a8122011aa550b2ae2325de97c6f57e1485
Comment 9 Samba QA Contact 2021-07-13 10:34:17 UTC 
This bug was referenced in samba v4-14-stable (Release samba-4.14.6):

c1662a8122011aa550b2ae2325de97c6f57e1485
Comment 10 Samba QA Contact 2021-07-13 13:19:29 UTC 
This bug was referenced in samba v4-13-test:

7065f203a9fa0618e9a72043ec925eee7c7cdd01
Comment 11 Samba QA Contact 2021-07-14 08:16:03 UTC 
This bug was referenced in samba v4-13-stable (Release samba-4.13.10):

7065f203a9fa0618e9a72043ec925eee7c7cdd01
Comment 12 Karolin Seeger 2021-07-19 06:30:28 UTC 
Closing out bug report.

Thanks!